OpenMLS has undergone a security audit sponsored by the Sovereign Tech Agency. The audit was conducted by SRLabs, who finished their work earlier this year.

In summary, 8 issues were found, one of which (improper authentication of MACs) was rated “High” severity. All issues were remediated for OpenMLS versions 8.1 and 7.3, with the exception of one “Low”-rated issue, the fix for which is still in the works. You can find the full report here.

The security audit marks an important step toward making OpenMLS more secure. We would like to thank the Sovereign Tech Agency for supporting OpenMLS by sponsoring this work, and we are grateful to the team at SRLabs for their thorough review. Their findings and guidance have helped us improve OpenMLS, and we appreciated the constructive collaboration throughout the process.